'Unable to encrypt data as this certificate is not meant for Encryption' or 'Unable to sign ...'
Originally Published: 2009-05-13
Article Number
Applies To
Issue
"Unable to encrypt data as this certificate is not meant for Encryption"
"Unable to sign as the certificate is not meant for signing or signature verification"
Cause
digitalSignature (0)
nonRepudiation (1)
keyEncipherment (2)
dataEncipherment (3)
keyAgreement (4)
keyCertSign (5)
cRLSign (6)
encipherOnly (7)
decipherOnly (8)
FIM looks for these values:
digitalSignature to enable signing
dataEncipherment to enable encryption
Set the KeyUsage bits for the 2 uses above to enable all uses in FIM for a given keystore. Hotfixes after FIM 4.0 HF8 and FIM 4.1 HF3 will allow signing and encryption with a keystore if key usage is not set or if bits 0 and 3 are set
Resolution
Related Articles
FIM - Null pointer exception -'error encrypting the name id unable to encrypt' Number of Views Generic REST AFX Connector does not encrypt Additional Parameters when defined as Encrypted in RSA Identity Governance & L… Number of Views View All Administrators Associated with an Administrative Role Number of Views Run Reports Number of Views Unification fails to identify terminated or deleted users in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
RSA SecurID Authentication Engine 3.0.0 for Java Release Notes RSA Authentication Manager 8.3 Dell 630 and 230 hardware appliance loses ability to access keyboard when running PING 4.0 … RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Troubleshooting RSA MFA Agent for Microsoft Windows
Don't see what you're looking for?
